wip

2021-11-07 14:30:28 +01:00 · 2021-11-07 14:30:28 +01:00 · 454d71e0d9
commit 454d71e0d9
parent 46c12fd05f
2 changed files with 4 additions and 2 deletions
--- a/bundles/bind/metadata.py
+++ b/bundles/bind/metadata.py
@ -116,7 +116,7 @@ def collect_records(metadata):


@metadata_reactor.provides(
-    'bind/zones',
+    'bind/views',
 )
 def ns_records(metadata):
    if metadata.get('bind/type') == 'slave':
@ -205,11 +205,13 @@ def generate_acl_entries_for_keys(metadata):
            'views': {
                view_name: {
                    'acl': {
+                        # allow keys from this view
                        *{
                            f'key {view_name}.{zone_name}'
                                for zone_name, zone_conf in view_conf['zones'].items()
                                if zone_conf.get('key', False)
                        },
+                        # reject keys from other views
                        *{
                            f'! key {other_view_name}.{zone_name}'
                                for other_view_name, other_view_conf in metadata.get('bind/views').items()
--- a/bundles/letsencrypt/items.py
+++ b/bundles/letsencrypt/items.py
@ -31,7 +31,7 @@ files = {
            'server': ip_interface(acme_node.metadata.get('network/external/ipv4')).ip,
            'zone': acme_node.metadata.get('bind/acme_zone'),
            'acme_key_name': 'external' + acme_node.metadata.get('bind/acme_zone'),
-            'acme_key': acme_node.metadata.get('bind/views/external/keys/external.' + acme_node.metadata.get('bind/acme_zone')),
+            'acme_key': acme_node.metadata.get('bind/views/external/zones/'+acme_node.metadata.get('bind/acme_zone')+'/key'),
            'domains': node.metadata.get('letsencrypt/domains'),
        },
        'mode': '0755',